In this Corporate Compliance Insights article, Zach Judge-Raza and Jamie Elbert explain why the EU Data Act, which took effect in September 2025, marks a structural shift in the EU data landscape. The act aims to facilitate broader access to and sharing of data generated by connected products and services, so for technology companies, compliance requires more than just the development of compliant policies.
The General Data Protection Regulation (GDPR), meanwhile, restricts and regulates the processing and transfer of personal data, leading to an acute tension of sorts that may lead to parallel investigations of companies operating across the EU.
“Compliance with the data act will not be a one-time product change. It will require ongoing oversight, encompassing version control, product testing and documentation updates to ensure that new and existing products remain consistent with the act’s requirements. […] Companies should treat readiness as an enterprise-wide initiative rather than a discrete legal or compliance issue.”